States in Security Process
It has been stated that security is a continuous process; what are the states in this process?
Asked by Laura on June 25, 2025
1 Answer
The continuous process of security involves several key states:
- Assessment: This state involves identifying an organization's information assets, potential threats, existing vulnerabilities, and evaluating the resulting risks. For example, a bank might assess the risk of a phishing attack targeting customer login credentials. Frameworks like OCTAVE aid in this systematic evaluation. (Source: Kizza, Joseph Migga. Guide to Computer Network Security. https://books.google.com.gh/books?id=sbA_AAAAQBAJ; OCTAVE: Information Security Risk Evaluation. http://www.cert.org/octave/)
- Policy and Strategy Development: Based on the risk assessment, this state focuses on creating comprehensive security policies, standards, and strategies. An example is developing an access control policy that dictates who can view or modify sensitive data. (Source: Kizza, Joseph Migga. Guide to Computer Network Security. https://books.google.com.gh/books?id=sbA_AAAAQBAJ)
- Implementation: During this state, the defined security controls are deployed and configured. This includes technical controls, like installing firewalls or intrusion detection systems; administrative controls, such as employee security awareness training; and physical controls, like securing server rooms. (Source: Kizza, Joseph Migga. Guide to Computer Network Security. https://books.google.com.gh/books?id=sbA_AAAAQBAJ; Putvinski M. IT security series part 1: information security best practices. http://www.corporatecomplianceinsights.com/information-security-best-practices)
- Monitoring and Operation: This state involves the ongoing operation of security controls and continuous monitoring for security events or incidents. For instance, a security operations center (SOC) might monitor network traffic for anomalies or track failed login attempts to detect brute-force attacks. (Source: Kizza, Joseph Migga. Guide to Computer Network Security. https://books.google.com.gh/books?id=sbA_AAAAQBAJ)
- Review and Adaptation: The final state involves regularly reviewing the effectiveness of the security program and its controls, performing audits, and making necessary adjustments. For example, after a penetration test reveals a new vulnerability, security policies or controls would be updated to address it. This feedback loop ensures security remains current and effective. (Source: Kizza, Joseph Migga. Guide to Computer Network Security. https://books.google.com.gh/books?id=sbA_AAAAQBAJ; CobiT a Practical Toolkit for IT Governance. http://www.ncc.co.uk/ncc/myitadviser/archive/issue8/business_processes.cfm)
Jaxon - June 25, 2025
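The "Monitoring and Operation" state in the answer above mentions a SOC tracking failed login attempts to detect brute-force activity. The following is an added example, not part of the original question or answer, of what that detection logic can look like in practice: it parses constructed sshd-style "Failed password" lines (sample data made up for this example, not taken from any real system) and raises an alert for any source address that accumulates a threshold number of failures inside a sliding time window. The threshold (5) and window (1 minute) are assumed tuning values, not figures from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd style) for this example only.
# 203.0.113.7 fails five times in six seconds; 198.51.100.5 has one
# successful login and two isolated failures thirteen minutes apart.
SAMPLE_LOG = """\
Jun 25 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50210 ssh2
Jun 25 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 50211 ssh2
Jun 25 10:00:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 50212 ssh2
Jun 25 10:00:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 50213 ssh2
Jun 25 10:00:07 host sshd[1205]: Failed password for root from 203.0.113.7 port 50214 ssh2
Jun 25 10:00:09 host sshd[1206]: Accepted password for alice from 198.51.100.5 port 40000 ssh2
Jun 25 10:02:00 host sshd[1207]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Jun 25 10:15:00 host sshd[1208]: Failed password for alice from 198.51.100.5 port 40002 ssh2
"""

# Matches only failed-authentication lines; "invalid user" is optional so
# both unknown and known usernames are captured.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failed_logins(text, year=2025):
    """Return a list of (timestamp, source_ip, username) for each failed login.

    Syslog timestamps carry no year, so one is supplied (assumed 2025 here).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window detector.

    Returns {source_ip: (failure_count, window_start, window_end)} for every
    source address with at least `threshold` failures inside any span of
    length `window`. Threshold and window are assumed tuning values.
    """
    by_ip = defaultdict(list)
    for ts, ip, _user in events:
        by_ip[ip].append(ts)

    alerts = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Advance the window start until all timestamps fit inside it.
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[ip] = (count, stamps[start], stamps[end])
                break  # one alert per source is enough for this example
    return alerts


def run_detection(log_text=SAMPLE_LOG, **kwargs):
    """Convenience wrapper: parse the log and return the alert dictionary."""
    return detect_brute_force(parse_failed_logins(log_text), **kwargs)


if __name__ == "__main__":
    for ip, (count, first, last) in run_detection().items():
        print(f"ALERT brute force from {ip}: {count} failures between {first} and {last}")
```

Tuning is the part a SOC revisits during the "Review and Adaptation" state: a window that is too short or a threshold that is too high misses slow, spread-out attempts (the second address here stays silent at the defaults but fires if the window is widened), while values that are too aggressive flood analysts with alerts from users who simply mistype a password.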